Jump to content

SirGod

Moderators
  • Content count

    716
  • Joined

  • Last visited

  • Days Won

    11

SirGod last won the day on November 14

SirGod had the most liked content!

Community Reputation

384 Excellent

1 Follower

About SirGod

  • Rank
    V.I.P.
  • Birthday 06/26/91

Converted

  • Location
    Bucuresti
  1. Update: cautam si oameni cu experienta, nu doar junior.
  2. MacOS user "root" without password

    Deja doua bug-uri penibile, cam mare coincidenta ca să fie doar bug-uri. Poate asta e noua versiune de backdoor. Simplu, la vedere, "din greșeala". /teoriaconspiratiei
  3. Baza de date emails pt shop online

    Posturi insuficiente pentru Market. Categorie gresita. Gunoi.
  4. Cumpar baza de date email

    Posturi insuficiente pentru Market. Categorie gresita. Gunoi.
  5. Vand Pagini de Facebook Internationale

    Categorie gresita. Posturi insuficiente pentru market. Gunoi.
  6. Despre HTTPS si headere. Mai exact: HTTP Public Key Pinning HTTP Strict Transport Security Certificate Transparency Expect-CT OCSP Stapling Must-Staple Expect-Staple Certificate Authority Authorization Content Security Policy Secure Cookie Directive Link: https://depthsecurity.com/blog/pins-and-staples-enhanced-ssl-security
  7. Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk. Description: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience. As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted. Affected products: 6th, 7th & 8th Generation Intel® Core™ Processor Family Intel® Xeon® Processor E3-1200 v5 & v6 Product Family Intel® Xeon® Processor Scalable Family Intel® Xeon® Processor W Family Intel® Atom® C3000 Processor Family Apollo Lake Intel® Atom Processor E3900 series Apollo Lake Intel® Pentium™ Celeron™ N and J series Processors Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE). This includes scenarios where a successful attacker could: Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity. Load and execute arbitrary code outside the visibility of the user and operating system. Cause a system crash or system instability. For more information, please see this Intel Support article Link Advisory: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
  8. During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the authentication mechanism, there was not much we could do. The attack surface was still pretty small, there were only a few things we could tamper with. 1. Identifying the entry point In the login page I noticed a hidden POST parameter that was being sent for every login request: <input type="hidden" name="com.ibm.faces.PARAM" value="rO0..." /> The famous Base64 rO0 (ac ed in HEX) confirmed us that we were dealing with a Base64 encoded Java serialized object. The Java object was actually an unencrypted JSF ViewState. Since deserialization vulnerabilities are notorious for their trickiness, I started messing with it. Full Article: https://securitycafe.ro/2017/11/03/tricking-java-serialization-for-a-treat/
  9. cu ce mai criptam

    Sfat pentru Veracrypt. Sa faci și un recovery USB. Eu am reușit o data cumva sa corupt ceva partiție/sector și n-am avut ce sa ii mai fac. Full disk wipe.
  10. Agent livrator rent a car Bucuresti

    Hai ca nu suntem chiar BestJobs.
  11. O lista cu câteva zeci de metode de bypass pentru AppLocker. Se actualizează constant. Link: https://github.com/api0cradle/UltimateAppLockerByPassList
  12. O sa fie inlocuit cu Expect-CT. https://scotthelme.co.uk/a-new-security-header-expect-ct/ https://www.certificate-transparency.org/what-is-ct
  13. Se pare ca HPKP o sa dispara din Chrome. Link: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/he9tr7p3rZ8
  14. Offer job bine platit

    Numai posturi cu joburi dubioase și spam prin e-mail și sms. Nu e bine. Ban.
×